[El-errata] New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELBA-2018-4050)
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Mar 21 10:59:15 PDT 2018
Synopsis: ELBA-2018-4050 can now be patched using Ksplice
CVEs: CVE-2017-16649
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2018-4050.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
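The check below is an added example, not part of the original announcement or of Ksplice itself: it reads an uptrack.conf file and reports whether the host will pick up these updates automatically or needs the manual command above. It assumes INI-style "key = value" lines with "#" or ";" comment lines, that the last uncommented autoinstall line wins, and that only the value "yes" (the value this announcement names, matched case-insensitively) means enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Oracle's code): audit the Ksplice Uptrack autoinstall setting.

# Print the effective autoinstall value in lower case, or nothing if the key
# is absent, commented out, or the file is unreadable.
# Assumption: if the key appears more than once, the last uncommented one wins.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }              # skip full-line comments
        NF >= 2 {
            key = $1; val = $2
            gsub(/^[ \t]+|[ \t]+$/, "", key) # trim whitespace around the key
            gsub(/^[ \t]+|[ \t]+$/, "", val) # trim whitespace around the value
            if (tolower(key) == "autoinstall") last = tolower(val)
        }
        END { if (last != "") print last }
    ' "$conf"
}

# Report what the operator has to do on this host.
# Assumption: anything other than "yes" is treated as "not automatic".
update_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    case "$(autoinstall_value "$conf")" in
        yes) echo "automatic" ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Stand-alone use: check the default path, or a path given as the first argument.
update_action "${1:-/etc/uptrack/uptrack.conf}"
```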
DESCRIPTION
* CVE-2017-16649: Divide by zero when binding a network USB device.
A logic error when binding a network USB device could lead to a divide
by zero error. A local attacker could use this flaw to cause a
denial-of-service.
Orabug: 27215191
* Missing Spectre v1 reporting.
Incorrect setting of the Spectre v1 bug flag could fail to report a
system as being mitigated with an lfence-based defence.
Orabug: 27470707
* System crash in Broadwell microcode updates.
A microcode bug in specific Broadwell microcode revisions could result
in a system crash and reboot when applying microcode updates. For these
revisions, only a BIOS-based microcode update is supported.
Orabug: 27343573
* Missing Spectre v2 protections on AMD systems.
A difference in capability reporting between AMD and Intel based x86
systems could result in failure to apply IBRS protections on AMD
systems.
Orabug: 27478139
* Missing IBRS protection for KVM guests.
IBRS needs to be exposed for KVM guests that will only mitigate Spectre
v2 with IBRS. This allows a host without IBRS protection active to
still allow guests to use IBRS themselves.
Orabug: 27525577
* Spectre v2 hardening on context switch.
Additional speculation barriers on context switch add protection for
sensitive processes to prevent leaking of sensitive data across
privilege boundaries.
Orabug: 27524607
* Spectre v2 bypass in 32-bit compatibility system calls.
Missing clearing of unused registers during a system call could allow an
attacker to cause speculation on user-supplied values under specific
conditions.
Orabug: 27534437
* Kernel crash in interrupt exit with KPTI.
Incorrect dereferencing of a kernel pointer under user page table
mappings could result in a kernel crash when leaving an interrupt
handler under specific conditions.
Orabug: 27501741
* Kernel hang in QLogic mailbox handling.
Incorrect locking could result in deadlock and a kernel hang when
processing mailboxes on a QLogic network adapter.
Orabug: 27337130
* Kernel crash in KVM guest user mode return.
Incorrect locking could result in a use-after-free and kernel crash when
a KVM guest returned to user mode under specific conditions.
Orabug: 27623523
* Kernel hang in the SCSI stack when changing device state.
Lack of locking when checking and changing an SCSI device state could
result in state corruption and a device stall.
Orabug: 27339736
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.